question

TalalAlMazrui-7760 avatar image
0 Votes"
TalalAlMazrui-7760 asked vipullag-MSFT commented

Domain password expiry notification on Windows Virtual Desktop

I have a GPO set on our domain to notify users of their passwords expiring several days before hand. Users logging in to Azure Virtual Desktop (aka WVD) don't seem to be getting this notification and I'm trying to figure out what I'm misisng.

I have this set on the DC as a GPO under: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Prompt user to change password before expiration. It is being scoped out to the OU that the WVD instances are in, and I confirmed I'm seeing the policy applied on the WVD instance itself.

Is there any special set up needed for this to work on WVD?



azure-virtual-machines
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@TalalAlMazrui-7760

Apologies for delayed response on this.

Can you run rsop.msc on one of those end users to capture the GPO policies being applied. And share the information.

I checked with internal team on this, I see no reason this to not work on AVD unless this is something not functional on multi-session w10 yet.



0 Votes 0 ·

Hi there,

A slight update, i got the password notification to appear now, turns out notifications were turned off by default on WVD and I needed to push another GPO to re-enable this.

The only issue I'm having now is trying to push a registry edit GPO to AVD, specifically one that keeps the password notification on-screen longer than the 5 second default time, but for whatever reason the registryedit GPO does not push down to AVD.

When I run rsop on the virtual desktop, it doesn't even show any regedit GPOs being pushed down, and instead has a lock next to it. Any thoughts on this?

111310-image.png


0 Votes 0 ·
image.png (216.5 KiB)

@TalalAlMazrui-7760

Based on what you shared, looks like you are having issues with getting his GPOs applied.
Please run a remote GPO report via the GPMC to see if the GPO that includes the registry settings is applied or not.
And one more thing to add here is, we recommend to use Group Policy Preferences to set registry keys.

0 Votes 0 ·

1 Answer

TalalAlMazrui-7760 avatar image
0 Votes"
TalalAlMazrui-7760 answered vipullag-MSFT commented

Hi @vipullag-MSFT

I ran the report and everything checked. This is how I have the policy set out currently, is this what you mean?

112290-image.png



image.png (301.1 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@TalalAlMazrui-7760

Yes, this is a GPP setting for registry.

Is the key already present on the system and just needs an update, or do you want to create it? If you want to create it, you might need to change the action type.


And, as far as I can see, you want to add something to HKCU, but run it as a computer policy. This needs to be in the user configuration of the GPO to apply to a user.

0 Votes 0 ·